In the first article in this series we talked about the buzz around wireless networking. In the intervening time, the wireless network buzz has only grown louder with the release of actual hardware that implements the IEEE 802.11a 54Mbps standard, which is more than five times as fast as the current flavor, 802.11b.
Wireless networks are even more in the news than when Part I of this series was written -- for both good and bad reasons. The good is that there are even more choices in wireless networking and the 72Mbps turbo-version of standard 802.11a is finally available from a number of vendors; the bad is that several new security vulnerabilities have been discovered in the WEP (Wired Equivalent Privacy) standard built into all 802.11x wireless cards. This isn't a fatal flaw, but it is making life a lot more "interesting" for those wishing to deploy wireless networks -- a lot more planning must be done to "get it right."
For Linux specifically there's been nothing but good news: every modern Linux distribution that supports PCMCIA cards can now use wireless cards from almost any vendor. This is easier than you'd think since there are only three or four kinds of PCMCIA controller chipsets being used by the majority of vendors. It's as easy as going to your local CompUSA and dropping $100 for a card and you're on the air. Even desktop systems can support PCMCIA cards with the addition of a single- or double-card controller.
On the access point side of things there are more choices too; there are dozens of vendors marketing access points and the prices typically are in the $200-$350 range. The only hitch is finding an access point you can manage from a Linux system.
One of the most amazing things about Linux from an infrastructure perspective is the depth and breadth of networking systems and facilities it supports right out of the box. From AppleTalk to TCP/IP and PPP to wireless NIC cards, it's all there to slice and dice any way that works for your particular networking needs.
Of course, just because Linux can participate in a network doesn't necessarily mean it can be used to manage that network. Up until recently this was very true for wireless networking, but not anymore.
One of the inherent problems in using a lot of mass market devices like 802.11x access points is the fact that although some manufacturers have gotten hip to Linux as a client (usually because there are Linux advocates who have put in the time to port the drivers), they more often than not don't support Linux as a device capable of managing their access point hardware.
Often this is a simple business decision -- it costs money to develop management applications. And Linux as a desktop system doesn't (yet) command the marketing numbers that Windows boxes do. However, all is not lost, because several of the most popular access point management applications have been developed that let you do all the things you can do with the vendor's own tools.
One of the best-supported access points is also one of the first that was available: the Apple AirPort. Apple was one of the first vendors out of the gate with a wildly popular product that is so simple to install and operate that if you have a DHCP server on your network you can just turn it on and plug it into your network with absolutely no further setup (you'll have an "open" network with no encryption turned on, but that's why there are configuration tools).
Other vendors that can be configured and easily managed with Linux include access points from LinkSys, Agere/Orinoco, and SMC.
I'm partial to the Apple AirPort and have a few of them, so the management tool shown here will pertain to it. I believe the AirPort Configuration shown here will also work with the Agere/Orinoco RG1000, which is basically the same device in different packaging and uses the same MIB.
A really nice tool to manage AirPort Access Points is "AirPort Config," by Jon Sevy at Drexel University. The screen shots shown here are from both version 1.5 and version 2.0. The 1.5 version works with the older "Graphite" version of AirPort, and the 2.0 version works with the recently introduced "snow" AirPorts that have 128-bit encryption and a number of other new features.
One of the nicest aspects of this program (besides that it runs on Linux) is that it's a Java program so it can run basically anywhere, even on handheld platforms like the Sharp Zaurus or the Compaq iPAQ.
Like Apple's own AirPort utility, Sevy's program allows you to "discover" access points, as shown in Figure 1. Here it's found the two base stations in my office.
Once you've discovered the available access points, you can use the tool to connect to one and administer its settings. In this example (Figure 2), we've connected to the base station and can then select from a number of different aspects of the device that can be configured. It seems pretty amazing that these little devices contain so much configurable information until you realize that they're basically little real-time, Unix-like boxes. The original "graphite" Apple AirPort was based on a KarlBridge wireless router, while the new "snow" version is reportedly based on VxWorks from Wind River Systems.
One of the most important configurable portions of the Apple AirPort, as well as any other wireless access point, is the ability to control exactly who can connect to and use the bandwidth. The AirPort, like others, does this by controlling what MAC addresses can connect. Here (Figure 3) in Sevy's configurator, you can enter a list of MAC addresses and, optionally, a tag to remind you of who has what card.
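An added example, not part of the original article or of AirPort Config: a Python check for a MAC access list kept as a text file before it is entered into the configurator. The file layout (one address and an optional tag per line) and the sample addresses are assumptions made for this example.

```python
import re

# Constructed sample list: one MAC per line plus an optional tag, mirroring
# the address/tag pairs entered in the configurator. Addresses are made up.
SAMPLE = """\
00:30:65:0A:1B:2C  dave-powerbook
00-02-2d-11-22-33  lab-thinkpad
0030.650a.1b2c     duplicate-of-line-1
01:00:5e:00:00:fb  group-address
02:11:22:33:44:55  locally-administered
00:30:65:zz:1b:2c  typo
"""

def normalize(mac):
    """Return the MAC as aa:bb:cc:dd:ee:ff, or None if it is not 48 bits of hex."""
    digits = re.sub(r"[:.\-]", "", mac).lower()   # accept colon, dash, dotted forms
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(text):
    """Return (entries, problems): accepted {mac: tag} and [(line, reason)]."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)   # drop comments, split MAC/tag
        if not fields:
            continue
        mac = normalize(fields[0])
        tag = fields[1].strip() if len(fields) > 1 else ""
        if mac is None:
            problems.append((lineno, "malformed"))
            continue
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:          # group bit: never a station's own address
            problems.append((lineno, "multicast"))
            continue
        if mac in entries:              # same card written in another notation
            problems.append((lineno, "duplicate"))
            continue
        if first_octet & 0x02:          # not a vendor-assigned (burned-in) address
            problems.append((lineno, "locally-administered"))
        entries[mac] = tag
    return entries, problems

if __name__ == "__main__":
    accepted, issues = audit(SAMPLE)
    for mac, tag in accepted.items():
        print(mac, tag)
    for lineno, reason in issues:
        print(f"line {lineno}: {reason}")
```

Locally administered addresses are kept but flagged for review, since a card's factory address normally has that bit clear.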
Of course, there are a lot more things to configure, including the most important one if you want a way to give yourself and the users of your network a modicum of privacy -- encryption settings for the device. (Yes, WEP can be broken, but for casual, non-monetary transactions it can suffice until more secure firmware is available later this year.)
Of course, even with this link-layer encryption, there's still a lot more work required if you're going to deploy and manage larger wireless infrastructures. We'll get into making wireless networks more secure regardless of WEP in the next article.
Unfortunately, there are not a lot of other open source tools available for configuring access points. One of the ways to handle the situation if your access point isn't directly configurable from Linux is to run the configuration tools supplied by the vendor under an emulator such as VMware, Wine, or Bochs. But this can be disappointing if you are looking for a Linux-compatible solution and may introduce other problems, depending on how tightly the configuration tools are tied to the underlying hardware.
In the resources section below are links to a number of the other access point configuration tools available on the Internet.
Next time in this Linux in the Enterprise series on Wireless Networking, we delve into strategies you can use to build wireless infrastructures and make wireless networking more secure from the laptop/handheld side of things. We'll also help to make sure that wireless devices can't compromise your network infrastructure.
David HM Spector is President & CEO of Really Fast Systems, LLC, an infrastructure consulting and product development company based in New York.
Copyright © 2009 O'Reilly Media, Inc.